Fix Critical Python CVEs (PyPI)

Find and fix critical CVEs in Python requirements.txt. Get a patched requirements file with CISA KEV flags — no CLI, no signup.

⚠ The Problem

pip-audit or safety scan flags a CRITICAL CVE in your Python dependencies, but each gives you a report, not a fixed file.

Bad Configuration — requirements.txt

cryptography==36.0.0
urllib3==1.25.11

Fixed Configuration — requirements.txt

cryptography==42.0.8
urllib3==2.2.2

✓ Fix

cryptography 36.0.0 is affected by CVE-2023-49083 (CRITICAL). urllib3 1.25.11 is affected by CVE-2023-45803 (HIGH). Update to the safe versions above. After updating, run pip install -r requirements.txt.
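The rewrite from the bad file to the fixed file above can be scripted. The following is an added example, not PackageFix's own code: the advisory table is constructed from the versions and CVE ids quoted on this page, and the names ADVISORIES, PIN and patch_requirements are hypothetical.

```python
import re

# Constructed advisory table: the versions this page pins in its fixed file and
# the CVE ids it quotes. A real tool would load this from a vulnerability feed.
ADVISORIES = {
    "cryptography": ("42.0.8", "CVE-2023-49083"),
    "urllib3": ("2.2.2", "CVE-2023-45803"),
}

# name, optional [extras], "==", purely numeric version, then marker/comment tail.
PIN = re.compile(
    r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(\[[^\]]*\])?\s*==\s*([0-9][0-9.]*)(?=\s|;|#|$)(.*)$"
)


def normalize(name):
    """PEP 503 normalization so Foo.Bar, foo_bar and foo-bar compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def release(version):
    """Numeric release tuple with trailing zeros dropped, so 42.0 == 42.0.0."""
    parts = [int(p) for p in version.split(".") if p]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def patch_requirements(text, advisories=ADVISORIES):
    """Return (patched_text, changes); only exact '==' pins below the safe version change."""
    out, changes = [], []
    for line in text.splitlines():
        m = PIN.match(line)
        if m:
            name, extras, version, tail = m.group(1), m.group(2) or "", m.group(3), m.group(4)
            fix = advisories.get(normalize(name))
            if fix and release(version) < release(fix[0]):
                changes.append((name, version, fix[0], fix[1]))
                line = f"{name}{extras}=={fix[0]}{tail}"
        out.append(line)  # comments, ranges and pre-release pins pass through untouched
    return "\n".join(out) + "\n", changes


if __name__ == "__main__":
    sample = "cryptography==36.0.0\nurllib3==1.25.11\n"  # the bad file from this page
    patched, changes = patch_requirements(sample)
    print(patched, end="")
    for name, old, new, cve in changes:
        print(f"# {name}: {old} -> {new} ({cve})")
```

If the file pins hashes with --hash, regenerate them after the version bump; this sketch rewrites only the version.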

Scan your dependencies now — paste your manifest, get a fixed version back in seconds.

No signup · No CLI · No GitHub connection · Runs 100% in your browser

Frequently Asked Questions

What Python packages appear most often in CISA KEV?
cryptography, urllib3, Pillow, Django, and requests are the most frequently CVE-flagged Python packages. PackageFix always checks the live CISA KEV catalog.

How do I fix a CVE in a transitive Python dependency?
Drop poetry.lock or pip freeze output alongside requirements.txt. PackageFix identifies the full dependency path and suggests override syntax.

Does PackageFix support conda environments?
PackageFix supports pip-style requirements.txt. For conda, export to pip format: conda list --export > requirements.txt

What is the difference between safety and PackageFix?
safety is a CLI tool that requires installation. PackageFix runs in your browser: paste and go, nothing installs on your machine.
